John Hammond doesn’t really need an introduction, he is one of the most famous cybersecurity researchers, educators, and content creators. As part of the Threat Operations team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages, and the adversarial mindset.
He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs, and other cyber security content.
John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).
In an interaction with Augustin Kurian, the Editor in Chief of The Cyber Express, John talks about his journey as a cybersecurity content creator on YouTube, newer trends in cybersecurity news and some new threat actors in the space, and more importantly, some nice tips on password hygiene.
Here is a brief excerpt from the interview.
Augustin Kurian: Tell us a bit about your journey, figuring out that cybersecurity is the place you want to be, starting at your own gig and then coming up with a YouTube channel, and doing incredibly well there in that space, I think you should be proud of producing one of the best cybersecurity contents on YouTube. So, how did it all begin?
John Hammond: I guess I got started, probably in the whole technology computer sphere when I was a lot younger—I think eight or nine. I was thinking, I want to make video games, or I want to be a hacker like I have seen in the movies. That looks very cool. And because computers are interesting. And they look like they’re fun. And I liked that you could do so much creative stuff. I asked my father if I could learn how to make a website.
So, he taught me HTML and CSS and the beginnings of JavaScript and stuff like that. And then he said, well, if you want to start a website, you need to have a server, you need to be able to host it on something. So, he got me this machine, a box that’s run like Turbolinux old school distribution. And he said, all right, well, let’s learn how to use Apache and Nginx. And let’s create all this. So, for that longest time, it was in the building mentality of like, let’s write software. Let’s create stuff.
It wasn’t until I got into my undergrad, or college that I went. I went to one of the military academies in the United States, the Coast Guard Academy, and they care much more about the security of applications that you create, right? It’s cool that you made this thing, but is it battle-tested? Is it safe? Is it sturdy? Can it be beaten up? So, that introduced me to vulnerabilities and exploits and CVE is in that whole wide world of cybersecurity. And I thought this is really interesting. You know, this is kind of fulfilling, where you have sort of a good versus evil mentality in defending against adversaries. So, it just felt like, man, this is fascinating. And I’m happy to be a part of it.
Augustin Kurian: So, how did the YouTube thing happen?
John Hammond: It’s funny because the way that I was learning way back was through Googling. I was looking online and watching videos on YouTube on how to code a program and work through tutorials. And I thought that might be how a lot of people learn. I’ve heard people say the best way to become a master of something or to get better at it is to try to teach it to others. So, I thought, I can make some silly videos and showcase what I’m learning. For the longest time, if you look back, you can even find videos from like 2009 or 2011, like a decade ago on my channel, but it’s slow growth. I never expected it to become what it is today. But it’s very fulfilling and super sweet to see it has grown and blossomed and turned into something of its own.
The full version of the interview can be found at the beginning of the article.